I was very interested to read a report that came out Tuesday in the online publication TechRepublic. That report relayed the results of a survey by RiskIQ, a San Francisco-based digital threat management solutions provider.
As Alison DeNisco Rayome noted in her article, entitled “Security nightmares: These 3 threats keep CISOs up at night,” “The barrage of cyberattacks that CISOs must diffuse on a daily basis show no signs of slowing: 89% of all information security leaders report concerns over the rise of digital threats their organizations are experiencing across web, social, and mobile channels, according to a new report from RiskIQ. According to the 1,691 US and UK CISOs surveyed for the report, the top threats keeping CISOs up at night are as follows: 1. Phishing and malware attacks on employees and customers 2. Brand impersonation, abuse, and reputational damage. 3. Information breaches.”
Further, in its announcement on Tuesday, RiskIQ had stated this: “RiskIQ, the leader in digital threat management, today announced the release of its 2018 CISO Survey, revealing that 89.1 percent of all information security leaders are concerned about the rise of digital threats they are experiencing across web, social and mobile channels. Some 1,691 U.S. and U.K. information security leaders across multiple verticals, including enterprise, consulting, government and education, provided insights into their cyber risk concerns and plans for 2018. Overall,” the RiskIQ announcement noted, “the survey revealed a coming ‘perfect storm’, where the problem of staff shortages collides with escalating cybercrime, leaving organizations ill-equipped to manage and respond to cyber risks and threats that are accelerating in an era of digital transformation, pervasive connections and increasingly sophisticated attack strategies sponsored by nation-states and rogue actors.” And, it added, issues around the Spectre and Meltdown phenomena dominated the news in early 2018, and after a year of major security breach announcements and settlements, including Equifax, Yahoo and Anthem, concern over breaches should hardly be surprising.
Among the key findings of the RiskIQ survey of CISOs in the United States and United Kingdom, across all industries:
> 67 percent of cybersecurity leaders do not have sufficient staff to handle the daily barrage of cyber alerts they receive
> 60 percent expect digital threats to grow as their organizations increase online engagement with customers
> The top three digital threats information security leaders fear are phishing and malware attacks on employees and customers; brand impersonation, abuse, and reputational damage; and information breaches
> The top risk organizations face today is a lack of experienced staff to monitor and help protect networks from cybercrime
> Currently, 37 percent of firms have engaged a managed security services provider (MSSP) to help monitor and manage cyber threats
In releasing his company’s survey, CEO Lou Manousos said, “The RiskIQ 2018 CISO Survey illuminates a growing industry-wide problem, which is that cybercrime is growing at scale, and enterprises are already experiencing critical staff shortages. That’s one reason 1 in 3 organizations have engaged with an MSSP to combat cyber risks and threats, and we expect that number to grow as the competition for top security talent gets far more intense.”
We’re not alone in healthcare
So, what to make of all these results? Well, let’s see… First of all, it’s amazing how much commonality there is among different industries when it comes to the cyberthreats and cybersecurity issues facing CISOs and other IT leaders.
We really aren’t alone, in healthcare. And that’s both “good” and “bad.” What I mean by that is that, on a certain level, it’s very helpful and good to know that healthcare IT leaders are not alone in this struggle; they are not uniquely subject to the vast range of cybersecurity threats out there in the world. Indeed, virtually every business industry is facing the same broad outlines. Thus, there are CISOs in every industry that has information systems (which is every industry nowadays).
The numbers alone are chilling: the fact that “67 percent of cybersecurity leaders do not have sufficient staff to handle the daily barrage of cyber alerts they receive,” and the fact that “60 percent expect digital threats to grow as their organizations increase online engagement with customers,” are deeply concerning.
What’s more, I found this particularly fascinating: “The top three digital threats information security leaders fear are phishing and malware attacks on employees and customers; brand impersonation, abuse, and reputational damage; and information breaches.” Now, here’s where things get interesting, because while healthcare organizations face the same broad cyberthreats as other industries, it is also true that healthcare is particularly vulnerable in certain respects. That’s because, while phishing attacks can impact any type of business organization, patient care organizations are faced with the special vulnerability around protected health information (PHI), which is at the core of the data and information that they maintain and work with.